obsidian

3 known vulnerabilities · 1 critical · 1 high

Obsidian does not require user confirmation for non-http/https URLs.

Published May 24, 2022

Obsidian Dataview vulnerable to code injection due to unsafe eval

Published May 24, 2022

GHSA-9c83-rr99-vfwj

MCPVault: PathFilter restricted directories (.git/.obsidian/node_modules) only denied at vault root, not nested

Published Jun 19, 2026

Check your entire dependency tree at onceRun dependency scan →